CVSS2: 6.6 Medium

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | MEDIUM |
Authentication | SINGLE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |

Vector: AV:L/AC:M/Au:S/C:C/I:C/A:C

EPSS: 0.001 Low (Percentile: 26.4%)

A vulnerability in the implementation of executable utilities that use the universal bootloader (u-boot) compiler of Cisco TelePresence TC and TE Software could allow an authenticated, local attacker to create a buffer overflow and possibly execute arbitrary code on the affected system.
The vulnerability is due to the improper implementation of internal executable files when the u-boot compiler flag is defined. An attacker could exploit this vulnerability by accessing the command-line interface (CLI) of the affected system and trying to run the affected executable files.
Cisco has confirmed the vulnerability in a security advisory and released software updates.
A successful exploit would require local access to the targeted device. This access requirement decreases the likelihood of a successful exploit.
Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.
CPE | Name | Operator | Version |
---|---|---|---|
cisco telepresence tc software | eq | any | |